SSL基础:18:使用-newkey同时生成私钥和CSR文件

在这里插入图片描述
openssl有很多子命令和设定选项,但常用的翻来覆去就是那几条,这篇文章继续介绍在各种证书生成教程中出现的req子命令的-newkey选项。

-new VS -newkey

-new选项一般需要结合genrsa子命令创建私钥之后创建CSR文件,而-newkey则可使用一行命令同时完成私钥和CSR文件的创建。

设定选项设定选项说明
openssl req创建证书签名请求等功能
-nodes对私钥不进行加密
-newkey创建CSR证书签名文件和RSA私钥文件
rsa:2048指定创建的RSA私钥长度为2048
-keyout创建的私钥文件名称
-out指定CSR输出文件名
-subj指定证书Subject内容

Subject设定内容说明

字段含义设定值例
/C=CountryCN
/ST=StateLiaoNing
/L=LocationDaLian
/O=Organizationdevops
/OU=Organizationalunicorn
/CN=Common Namedevops.com

生成私钥和CSR文件

liumiaocn:csr liumiao$ openssl req -newkey rsa:2048 -keyout ca.key  -nodes -out request.csr -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=unicorn/CN=devops.com"
Generating a 2048 bit RSA private key
.............................................+++
.....+++
writing new private key to 'ca.key'
-----
liumiaocn:csr liumiao$ ls
ca.key		request.csr
liumiaocn:csr liumiao$

可以看到同时生成了私钥和CSR文件

结果确认

base64编码后的私钥和CSR文件显示如下所示

liumiaocn:csr liumiao$ cat ca.key 
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/uSP/0+qO0Pw8
9h7wSffMmrp+v9oehUJe4XoDk9h0lUFbEMD/pGiE6OzGAUkAVLxO/n7kEHC2LgNa
DxoubufjPsQoogw0HUSvDjiGfZQTri2wzMl6LNxPSD1qP2L2SYoqu6Gu5NV/Pv2w
AAcxQArYvJ9sw/N61HJjRRnJoVt/nY/nMt4Kr/x8QHvSpgMSmEajBBOqpECKLONI
bY32wFOcZzVwFnvN/ZKYQ3al4m1dpvfLb9E/AxvJopfRjSinBJj8FmQvNR9TbU2c
x6h88GqExbOq1w08t+iGSCKOFVC8fbgdgD2zUFKNOe19odCQgMgASsT/wZJYJAuv
08SHYIqfAgMBAAECggEAZNAYkuQ+2Vwg1nlgqV9rsqXF3PJK4nOWA8gyXYE3d44o
MJdttL8hyomkPzXbyhXEcxE1bf0LF3C4iHmafcIJox+VC/yxyBF/1UD4DhgobfTP
x8DXTKwcKIBG8wBjrDfdND03dnyTmvZndU1+erI/QdplRk7/T544i+SA+9oh/8bR
0zIFIyWxMm7Xkr2pJioUndWxtCI/sN2eEB1XYtoR5jTJiTzIc7bC2krS6PM7j5/t
6epT+M4hQFc9J7KKnuKzFh3TMyDKMx/ARdX/zq1ZPKqBsyAYFrH9jGncyvrINhrP
fHb2GuTbxPCFGkvnc4a/a1GKXJz0aLhYXZT8xUnu4QKBgQD/bVbDrZM4uFvzdELF
8mSudKlENG6pbgtJ2AO/L2G13oMUguJZw2UCEFLeHdQTQQDI7SY2z7yIDmXSEFEQ
aEEi7nDMUTQ/1RjlaoooWuixj8Di42CaplznTGhgwliJcbirVzoIEI0FDzV6bSm+
1Y5CEWval9WKzqpZVIQ2Js1bUQKBgQDAJzllu+OJ+fz1So0jK9cwzdipyOQXaO8k
7fhQ4iWJNtjrr1uB4AzfDyyPBkDoaNOinaf4gM5/1XjMzhxk5gw5sGzGuks1n1A+
dwch8m7zwUt1q0W4pDO0iWcL9wzBGtUN6Le+zr2yUN8ASt+RTq4grflbUiODnux/
vt4O3J0q7wKBgQDrt7uaWVTDw18YDPKSOl8vn/mVN83oDeXc/7x1cwR5Eh9ljmPU
8r0EaowO7vgHzLUst63MZ2lVJfRRJz2oJo317pWp+EZ/oeiXzvoww7R6KG+Y8rzz
+xNBYQHySWfrb0c82AJ17tA1GxP/Jz6fHfVqgylFUVl//7i1N4nLb4OUAQKBgHpL
vKU6OyyC1fOMOl3LNk+Sg7Yz7K/VkncPmj5oYHl/VfpTBkuXvLlvH+37je4dYa0a
6GAqIsOLqzG2cK3rGJbS6bhlsx5ywhCvkvORJ/qt6IgAtQQ6Rco+tT4RQ6XXnQgY
OHIRhPxrqjK2dKo3yG12LMFper73tA/t+8i7srAzAoGBANuMoNGHoSQL2uKqgSqS
D+S9S2JFvUIcdLsipdCoLe7q10ssBsVDaPqBbYGGRhKxnzR69SOaGDIhzW+oZNHR
EEs0kbMl++POK3j9Ihj8ZR/jskAemb06aUIuDdGgDBl/LkTzHcEelY5sHmDhw46o
vuaqZjrA7xkC7ib/EK4gZ493
-----END PRIVATE KEY-----
liumiaocn:csr liumiao$ cat request.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIICrjCCAZYCAQAwaTELMAkGA1UEBhMCQ04xETAPBgNVBAgMCExpYW9OaW5nMQ8w
DQYDVQQHDAZEYUxpYW4xDzANBgNVBAoMBmRldm9wczEQMA4GA1UECwwHdW5pY29y
bjETMBEGA1UEAwwKZGV2b3BzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAL+5I//T6o7Q/Dz2HvBJ98yaun6/2h6FQl7hegOT2HSVQVsQwP+kaITo
7MYBSQBUvE7+fuQQcLYuA1oPGi5u5+M+xCiiDDQdRK8OOIZ9lBOuLbDMyXos3E9I
PWo/YvZJiiq7oa7k1X8+/bAABzFACti8n2zD83rUcmNFGcmhW3+dj+cy3gqv/HxA
e9KmAxKYRqMEE6qkQIos40htjfbAU5xnNXAWe839kphDdqXibV2m98tv0T8DG8mi
l9GNKKcEmPwWZC81H1NtTZzHqHzwaoTFs6rXDTy36IZIIo4VULx9uB2APbNQUo05
7X2h0JCAyABKxP/BklgkC6/TxIdgip8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IB
AQBHNTMmjnnY4JADjdt1vVaOh2k2bzAozgCyQZ3DLliP4LZ+4AoTkPJhH2tZk2na
9dPNF6YrBov+eZyK58InSXork1ad9tinmLE/mJVWyrAplXrG6cvnaT6hyDRyHBeZ
gnECr75mSLAZ6VBUeAPQXtWEexYFYZR87Ck8vtUsU7BEcTg8dG7iW7R4CiLxja6P
2+s5rrvIDRxlh4nzOCAg1ac0XC9DVifEDJPe+oTYPFvfgf7qu9U0xYcPSbzVHf5+
b6Tz83OWf5s0zZcBgcT+o7aqlut21vZF7GqI5Jkpp5viY1eqVOUlneDxSm4G4wGa
gZhIuihc0SMW2+oMe65lxNEn
-----END CERTIFICATE REQUEST-----
liumiaocn:csr liumiao$ 

确认CSR内容

liumiaocn:csr liumiao$ openssl req -text -noout -verify -in request.csr 
verify OK
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=CN, ST=LiaoNing, L=DaLian, O=devops, OU=unicorn, CN=devops.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bf:b9:23:ff:d3:ea:8e:d0:fc:3c:f6:1e:f0:49:
                    f7:cc:9a:ba:7e:bf:da:1e:85:42:5e:e1:7a:03:93:
                    d8:74:95:41:5b:10:c0:ff:a4:68:84:e8:ec:c6:01:
                    49:00:54:bc:4e:fe:7e:e4:10:70:b6:2e:03:5a:0f:
                    1a:2e:6e:e7:e3:3e:c4:28:a2:0c:34:1d:44:af:0e:
                    38:86:7d:94:13:ae:2d:b0:cc:c9:7a:2c:dc:4f:48:
                    3d:6a:3f:62:f6:49:8a:2a:bb:a1:ae:e4:d5:7f:3e:
                    fd:b0:00:07:31:40:0a:d8:bc:9f:6c:c3:f3:7a:d4:
                    72:63:45:19:c9:a1:5b:7f:9d:8f:e7:32:de:0a:af:
                    fc:7c:40:7b:d2:a6:03:12:98:46:a3:04:13:aa:a4:
                    40:8a:2c:e3:48:6d:8d:f6:c0:53:9c:67:35:70:16:
                    7b:cd:fd:92:98:43:76:a5:e2:6d:5d:a6:f7:cb:6f:
                    d1:3f:03:1b:c9:a2:97:d1:8d:28:a7:04:98:fc:16:
                    64:2f:35:1f:53:6d:4d:9c:c7:a8:7c:f0:6a:84:c5:
                    b3:aa:d7:0d:3c:b7:e8:86:48:22:8e:15:50:bc:7d:
                    b8:1d:80:3d:b3:50:52:8d:39:ed:7d:a1:d0:90:80:
                    c8:00:4a:c4:ff:c1:92:58:24:0b:af:d3:c4:87:60:
                    8a:9f
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         47:35:33:26:8e:79:d8:e0:90:03:8d:db:75:bd:56:8e:87:69:
         36:6f:30:28:ce:00:b2:41:9d:c3:2e:58:8f:e0:b6:7e:e0:0a:
         13:90:f2:61:1f:6b:59:93:69:da:f5:d3:cd:17:a6:2b:06:8b:
         fe:79:9c:8a:e7:c2:27:49:7a:2b:93:56:9d:f6:d8:a7:98:b1:
         3f:98:95:56:ca:b0:29:95:7a:c6:e9:cb:e7:69:3e:a1:c8:34:
         72:1c:17:99:82:71:02:af:be:66:48:b0:19:e9:50:54:78:03:
         d0:5e:d5:84:7b:16:05:61:94:7c:ec:29:3c:be:d5:2c:53:b0:
         44:71:38:3c:74:6e:e2:5b:b4:78:0a:22:f1:8d:ae:8f:db:eb:
         39:ae:bb:c8:0d:1c:65:87:89:f3:38:20:20:d5:a7:34:5c:2f:
         43:56:27:c4:0c:93:de:fa:84:d8:3c:5b:df:81:fe:ea:bb:d5:
         34:c5:87:0f:49:bc:d5:1d:fe:7e:6f:a4:f3:f3:73:96:7f:9b:
         34:cd:97:01:81:c4:fe:a3:b6:aa:96:eb:76:d6:f6:45:ec:6a:
         88:e4:99:29:a7:9b:e2:63:57:aa:54:e5:25:9d:e0:f1:4a:6e:
         06:e3:01:9a:81:98:48:ba:28:5c:d1:23:16:db:ea:0c:7b:ae:
         65:c4:d1:27
liumiaocn:csr liumiao$ 
淼叔 CSDN认证博客专家 神经网络 TensorFlow NLP
资深架构师,PMP、OCP、CSM、HPE University讲师,EXIN DevOps Professional与DevOps Master认证讲师,曾担任HPE GD China DevOps & Agile Leader,帮助企业级客户提供DevOps咨询培训以及实施指导。熟悉通信和金融领域,有超过十年金融外汇行业的架构设计、开发、维护经验,在十几年的IT从业生涯中拥有了软件开发设计领域接近全生命周期的经验和知识积累,著有企业级DevOps技术与工具实战。
已标记关键词 清除标记
相关推荐
©️2020 CSDN 皮肤主题: 数字20 设计师:CSDN官方博客 返回首页